Bug 2148841

Summary: [RHEL9.2] format failed when enable fips
Product: Red Hat Enterprise Linux 9 Reporter: guazhang <guazhang>
Component: cryptsetupAssignee: Daniel Zaťovič <dzatovic>
Status: CLOSED ERRATA QA Contact: guazhang <guazhang>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 9.2CC: agk, cllang, dbelyavs, hkario, jbrassow, okozina, omoris, prajnoha
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cryptsetup-2.6.0-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2151576 2151584 (view as bug list) Environment:
Last Closed: 2023-05-09 08:23:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2151576, 2151584    

Description guazhang@redhat.com 2022-11-28 06:17:46 UTC 
Description of problem:
Format luks when enable fips

Version-Release number of selected component (if applicable):
5.14.0-200.el9.x86_64
cryptsetup-2.4.3-5.el9.x86_64


How reproducible:


Steps to Reproduce:
1. 
/distribution/fips/setup-fips-enabled 
2. cryptsetup luksFormat /dev/loop0 
3.

Actual results:


Expected results:


Additional info:


[root@intel-chiefriver-02 cry_key]# cryptsetup luksFormat /dev/loop0  -q --debug
# cryptsetup 2.4.3 processing "cryptsetup luksFormat /dev/loop0 -q --debug"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/loop0.
# Trying to open and read device /dev/loop0 with direct-io.
# Initialising device-mapper backend library.
# Interactive passphrase entry requested.
Enter passphrase for /mnt/tests/kernel/storage/dm-crypt/cry_key/loop_file: 
# Checking new password using default pwquality settings.
# New password libpwquality score is 6.
Running in FIPS mode.
# Crypto backend (OpenSSL 3.0.7 1 Nov 2022 [fips]) initialized in cryptsetup library version 2.4.3.
# Detected kernel Linux 5.14.0-200.el9.x86_64 x86_64.
# PBKDF pbkdf2-sha256, time_ms 2000 (iterations 0).
# Formatting device /dev/loop0 as type LUKS2.
# Auto-detected optimal encryption sector size for device /dev/loop0 is 512 bytes.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Formatting LUKS2 with JSON metadata area 12288 bytes and keyslots area 16744448 bytes.
# Creating new digest 0 (pbkdf2).
# Setting PBKDF2 type key digest 0.
# Running pbkdf2(sha256) benchmark.
Not compatible PBKDF2 options (using hash algorithm sha256).
# Releasing crypt device /dev/loop0 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/loop0.
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
[root@intel-chiefriver-02 cry_key]#
Comment 1 Ondrej Kozina 2022-11-28 08:59:51 UTC 
Please, could you provide me with output of "openssl help" command run on the test machine?
Comment 2 guazhang@redhat.com 2022-11-28 10:22:44 UTC 
[root@intel-chiefriver-02 cryptsetup]# openssl help
help:

Standard commands
asn1parse         ca                ciphers           cmp               
cms               crl               crl2pkcs7         dgst              
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
fipsinstall       gendsa            genpkey           genrsa            
help              info              kdf               list              
mac               nseq              ocsp              passwd            
pkcs12            pkcs7             pkcs8             pkey              
pkeyparam         pkeyutl           prime             rand              
rehash            req               rsa               rsautl            
s_client          s_server          s_time            sess_id           
smime             speed             spkac             srp               
storeutl          ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
blake2b512        blake2s256        md2               md4               
md5               rmd160            sha1              sha224            
sha256            sha3-224          sha3-256          sha3-384          
sha3-512          sha384            sha512            sha512-224        
sha512-256        shake128          shake256          sm3               

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb      
aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb      
aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1     
aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb      
aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8     
aria-256-ctr      aria-256-ecb      aria-256-ofb      base64            
bf                bf-cbc            bf-cfb            bf-ecb            
bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  
camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast              
cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb         
cast5-ofb         des               des-cbc           des-cfb           
des-ecb           des-ede           des-ede-cbc       des-ede-cfb       
des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb      
des-ede3-ofb      des-ofb           des3              desx              
idea              idea-cbc          idea-cfb          idea-ecb          
idea-ofb          rc2               rc2-40-cbc        rc2-64-cbc        
rc2-cbc           rc2-cfb           rc2-ecb           rc2-ofb           
rc4               rc4-40            rc5               rc5-cbc           
rc5-cfb           rc5-ecb           rc5-ofb           seed              
seed-cbc          seed-cfb          seed-ecb          seed-ofb          
zlib              

[root@intel-chiefriver-02 cryptsetup]# 
[root@intel-chiefriver-02 cryptsetup]#
Comment 6 Hubert Kario 2022-11-29 15:13:31 UTC 
It's possible to create the volume in FIPS mode by specifying the PKKDF2 iteration count explicitly, like so:

cryptsetup luksFormat --pbkdf-force-iterations 1000000 /dev/loop0  -q --debug
Comment 7 Ondrej Kozina 2022-11-30 10:53:37 UTC 
Turning off the benchmark is not solution. We definitely do not want users to provide pbkdf parameters manually when adding keyslots. It has to be fixed.
Comment 8 Hubert Kario 2022-11-30 14:31:15 UTC 
Yes, it's a bug, it needs to be fixed, it's just a workaround to allow further testing with FDE in FIPS mode.
Comment 21 Ondrej Moriš 2022-12-13 14:06:47 UTC 
*** Bug 2152509 has been marked as a duplicate of this bug. ***
Comment 22 guazhang@redhat.com 2022-12-20 04:19:49 UTC 
[root@storageqe-104 ~]# fips-mode-setup --check
FIPS mode is enabled.
[root@storageqe-104 ~]# echo 'redhat redhat'|cryptsetup luksFormat /dev/loop0 

test pass with the fixed package.
Comment 26 errata-xmlrpc 2023-05-09 08:23:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cryptsetup bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2534